CVE-2009-1341

EPSS 6.47%
Published 30.04.2009 20:30:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

Memory leak in the dequote_bytea function in quote.c in the DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module before 2.0.0 for Perl allows context-dependent attackers to cause a denial of service (memory consumption) by fetching data with BYTEA columns.

Affected products Warnungen 0 Metrics 2 CWE 1 References 17

Data is provided by the National Vulnerability Database (NVD)

Debian ≫ Libdbd-pg-perl Version <= 1.4.9

Debian ≫ Libdbd-pg-perl Version0.1

Debian ≫ Libdbd-pg-perl Version0.2

Debian ≫ Libdbd-pg-perl Version0.3

Debian ≫ Libdbd-pg-perl Version0.4

Debian ≫ Libdbd-pg-perl Version0.5

Debian ≫ Libdbd-pg-perl Version0.51

Debian ≫ Libdbd-pg-perl Version0.52

Debian ≫ Libdbd-pg-perl Version0.61

Debian ≫ Libdbd-pg-perl Version0.62

Debian ≫ Libdbd-pg-perl Version0.63

Debian ≫ Libdbd-pg-perl Version0.64

Debian ≫ Libdbd-pg-perl Version0.65

Debian ≫ Libdbd-pg-perl Version0.66

Debian ≫ Libdbd-pg-perl Version0.67

Debian ≫ Libdbd-pg-perl Version0.68

Debian ≫ Libdbd-pg-perl Version0.69

Debian ≫ Libdbd-pg-perl Version0.70

Debian ≫ Libdbd-pg-perl Version0.71

Debian ≫ Libdbd-pg-perl Version0.72

Debian ≫ Libdbd-pg-perl Version0.73

Debian ≫ Libdbd-pg-perl Version0.80

Debian ≫ Libdbd-pg-perl Version0.81

Debian ≫ Libdbd-pg-perl Version0.82

Debian ≫ Libdbd-pg-perl Version0.83

Debian ≫ Libdbd-pg-perl Version0.84

Debian ≫ Libdbd-pg-perl Version0.85

Debian ≫ Libdbd-pg-perl Version0.86

Debian ≫ Libdbd-pg-perl Version0.87

Debian ≫ Libdbd-pg-perl Version0.88

Debian ≫ Libdbd-pg-perl Version0.89

Debian ≫ Libdbd-pg-perl Version0.90

Debian ≫ Libdbd-pg-perl Version0.91

Debian ≫ Libdbd-pg-perl Version0.92

Debian ≫ Libdbd-pg-perl Version0.93

Debian ≫ Libdbd-pg-perl Version0.94

Debian ≫ Libdbd-pg-perl Version0.95

Debian ≫ Libdbd-pg-perl Version0.96

Debian ≫ Libdbd-pg-perl Version0.97

Debian ≫ Libdbd-pg-perl Version0.98

Debian ≫ Libdbd-pg-perl Version0.99

Debian ≫ Libdbd-pg-perl Version1.0.0

Debian ≫ Libdbd-pg-perl Version1.0.1

Debian ≫ Libdbd-pg-perl Version1.2.0

Debian ≫ Libdbd-pg-perl Version1.2.1

Debian ≫ Libdbd-pg-perl Version1.2.2

Debian ≫ Libdbd-pg-perl Version1.3.1

Debian ≫ Libdbd-pg-perl Version1.3.2

Debian ≫ Libdbd-pg-perl Version1.4.0

Debian ≫ Libdbd-pg-perl Version1.4.1

Debian ≫ Libdbd-pg-perl Version1.4.2

Debian ≫ Libdbd-pg-perl Version1.4.3

Debian ≫ Libdbd-pg-perl Version1.4.4

Debian ≫ Libdbd-pg-perl Version1.4.5

Debian ≫ Libdbd-pg-perl Version1.4.6

Debian ≫ Libdbd-pg-perl Version1.4.7

Debian ≫ Libdbd-pg-perl Version1.4.8

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	6.47%	0.901

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://www.redhat.com/support/errata/RHSA-2009-1067.html

http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html

http://secunia.com/advisories/35685

http://secunia.com/advisories/34909

Vendor Advisory

http://secunia.com/advisories/35058

Vendor Advisory

http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49-2+etch1.diff.gz

http://www.debian.org/security/2009/dsa-1780

http://www.redhat.com/support/errata/RHSA-2009-0479.html

http://cpansearch.perl.org/src/TURNSTEP/DBD-Pg-2.13.1/Changes

http://rt.cpan.org/Public/Bug/Display.html?id=21392

http://www.securityfocus.com/bid/34757

https://exchange.xforce.ibmcloud.com/vulnerabilities/50387

https://launchpad.net/bugs/cve/2009-1341

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9680

https://nvd.nist.gov/vuln/detail/CVE-2009-1341

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2009-1341

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2009-1341

EUVD